Commit Graph

29730 Commits

Author SHA1 Message Date
Peter Krempa
5591ba2889 storage: Don't report OOM error on failure of glfs_new
OOM isn't the only failure glfs_new can encounter. Report an error which
might give more insight. libgfapi seems to be setting errno but
reporting a system error migt be misleading.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2021-03-02 09:50:20 +01:00
Peter Krempa
0af84a81fc util: json: Report non-OOM error on yajl failure
The yajl library returns a wide range of error codes so reporting OOM on
any failure is wrong. In case the error was really based by memory issue
the error reporting will probably cause an abort anyways. Change the
error message so that we know that it happened in JSON at least.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2021-03-02 09:50:20 +01:00
Peter Krempa
e09c852782 virVBoxSnapshotConfSaveVboxFile: abort() on failure to allocate xmlDoc and comment
'xmlNewDoc' and 'xmlNewDocComment' return NULL only on allocation
failure. Attempting to raise an error is pointless.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2021-03-02 09:50:20 +01:00
Peter Krempa
c0e65398d9 libxl: abort() on failure of libxl_cpu_bitmap_alloc()
Attempting to report error in case when we ran out of memory is
pointless.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2021-03-02 09:50:20 +01:00
Peter Krempa
3fdf0013e5 vbox: abort() on allocation failure in UTF8<->UTF16 conversion
Trying to report an error on OOM is pointless since error handling
allocates memory.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2021-03-02 09:50:20 +01:00
Peter Krempa
695d469238 hyperv: abort() failure of wsmc_fault_new()
The function just allocates a helper object. Reporting errors would be
pointless when we encounter OOM situation.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2021-03-02 09:50:19 +01:00
Peter Krempa
dda78f0b62 util: iohelper: Don't handle OOM from posix_memalign
Similarly to other allocation calls abort() on failure.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2021-03-02 09:50:19 +01:00
Peter Krempa
cc622f5548 virURIFormat: abort() on failure
If the argument of 'xmlSaveUri' is non-NULL the function returns NULL on
OOM failure only. Thus we can directly abort rather than try to do the
impossible recovery.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2021-03-02 09:50:19 +01:00
Peter Krempa
06fc9f8e32 util: virprocess: abort() on CPU_ALLOC failure
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2021-03-02 09:50:19 +01:00
Peter Krempa
5f5b676086 virXMLParseHelper: abort() on allocation failure
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2021-03-02 09:50:19 +01:00
Peter Krempa
45edcd9f89 virXMLXPathContextNew: abort() on allocation failure
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2021-03-02 09:50:19 +01:00
Peter Krempa
c3a5c67a84 Don't report OOM error on xmlCopyNode failure
Out of memory isn't the only reason the function can fail. Add a message
stating that copying of a XML node failed.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2021-03-02 09:50:19 +01:00
Peter Krempa
ec6e2a2c97 util: xml: Add wrapper for 'xmlNewNode'
Add a wrapper that will handle the out of memory condition by abort()
and also prevents callers from having to typecast the argument.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2021-03-02 09:50:19 +01:00
Peter Krempa
2b0f2a0a07 util: xml: Add virXMLBufferCreate wrapper
'xmlBufferCreate' returns NULL only on allocation failure. Add a wrapper
which will call 'abort()' in such case in a centralised spot. It doesn't
make much sense to continue execution from here.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2021-03-02 09:50:19 +01:00
Peter Krempa
7a0b625ea2 util: virnetlink: Add wrapper for 'nlmsg_alloc_simple'
The function is used in many places and fails only on allocation
failures. Since trying to recover from allocation failure of a small
buffer by reporting error doesn't make sense add a wrapper for
'nlmsg_alloc_simple' which will 'abort()' on failure and replace all
allocations of netlink message with the new helper.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2021-03-02 09:50:19 +01:00
Peter Krempa
bbc25f0d03 virfirewall: Remove impossible OOM error reporting
There's nothing that would set the 'err' field of virFirewallPtr to
ENOMEM so we can remove the checks.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2021-03-02 09:50:19 +01:00
Peter Krempa
2a620b1200 virfirewall: virFirewallAddRuleFullV: Remove OOM check from VIR_APPEND_ELEMENT
VIR_APPEND_ELEMENT_COPY will abort the program on OOM so there's no need
to check.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2021-03-02 09:50:19 +01:00
Peter Krempa
1a1a926804 virfirewall: Remove OOM checks from virFirewallStartTransaction
Neither virFirewallGroupNew nor VIR_EXPAND_N can fail.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2021-03-02 09:50:19 +01:00
Peter Krempa
b8aa25f560 virfirewall: Don't check OOM in ADD_ARG macro
VIR_RESIZE_N can't fail nowadays, adjust the macro.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2021-03-02 09:50:19 +01:00
Peter Krempa
22dbafe092 virCloseCallbacksGetForConn: Remove OOM handling
VIR_EXPAND_N will abort so we can simplify the hash iterator.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2021-03-02 09:50:19 +01:00
Peter Krempa
9339163894 util: vircommand: Remove OOM handling
The OOM error handling is dead code nowadays.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2021-03-02 09:50:19 +01:00
Peter Krempa
c7dc99e84f virDomainDefSetMetadata: Rework memory handling
Switch to use g_autoptr for 'doc' and 'new' local variables.
Additionally report proper error when 'xmlAddChild' fails because OOM is
not the only error it can report.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2021-03-02 09:50:19 +01:00
Peter Krempa
e2ac76f707 lxc_process: Remove OOM handling from logging setup
'virLogGetFilters' doesn't return failure and 'virLogGetOutputs' reports
it's own errors.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2021-03-02 09:50:19 +01:00
Peter Krempa
ccac1c2623 virBuildPath: Remove return value
The function can't fail nowadays, remove the return value and adjust
callers.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2021-03-02 09:50:19 +01:00
Peter Krempa
542b2b2914 virCPUx86DataParse: Don't check error from x86FeatureNames
x86FeatureNames uses virBuffer and thus can't fail nowadays.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2021-03-02 09:50:19 +01:00
Peter Krempa
e3a792a39b virCommandAddArgBuffer: Simplify clearing of @buf
Get the buffer contents into a temporary variable with automatic
clearing so that the error branches don't have to reset the buffer.
Additionally handle the NULL string case before assignment.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2021-03-02 09:50:19 +01:00
Peter Krempa
13a9075cea virCommandAddEnv: Make stealing of argument more obvious
The function is supposed to always consume the passed environment
variable string. Use a temp variable with autofree and g_steal_pointer
to prevent having to free it manually.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2021-03-02 09:50:19 +01:00
Peter Krempa
b356a3ce7c virDomainDefSetMetadata: Avoid temporary variable for string copy
Since error checking was removed when switching to g_strdup, it doesn't
make much sense to have 'tmp' around.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2021-03-02 09:50:19 +01:00
Peter Krempa
3560f75d2d util: xml: Introduce autoptr cleanup support for 'xmlNode'
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2021-03-02 09:50:19 +01:00
Peter Krempa
c419ad8258 Remove useless comments for VIR_FROM_THIS definition
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2021-03-02 09:50:19 +01:00
Michal Privoznik
144cb28e6b virtpm: Fix @path handling in virTPMEmulatorInit()
This function finds "swtmp", "swtpm_setup" and "swtpm_ioctl"
binaries in $PATH and stores resolved paths in global variables
so that they can be obtainer later. Anyway, the resolved path is
marked as g_autofree and to avoid its freeing later on in the
function the variable is set to NULL manually. Well, we have
g_steal_pointer() for that.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2021-03-02 09:49:23 +01:00
Michal Privoznik
25ebb45a81 qemu_tpm: Generate log file path among with storage path
When starting a guest with TPM of type='emulator' an external
process is started with it (swtpm) to emulate TPM. This external
process is passed path to a log file via --logfile. The path to
the log file is generated in qemuTPMEmulatorPrepareHost() which
works, until the daemon is restarted. The problem is that the
path is not stored in private data or anywhere inside live XML
and thus later, when qemuExtTPMStop() is called (when shutting
off the guest) the stored logpath is NULL and thus its seclabel
is not cleaned up (see virSecuritySELinuxRestoreTPMLabels()).

Fortunately, qemuExtDevicesStop() (which calls qemuExtTPMStop()
eventually) does call qemuExtDevicesInitPaths() where the log
path can be generated again.

Basically, tpm->data.emulator.storagepath is generated in
qemuExtTPMInitPaths() and its seclabels are restored properly,
and this commit move logfile onto the same level.

This means, that the log path doesn't have to be generated in
qemuExtDevicesStart() because it was already done in
qemuExtDevicesPrepareHost().

This change also renders @vmname argument of
qemuTPMEmulatorPrepareHost() unused and thus is removed.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1769196
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2021-03-02 09:45:49 +01:00
Michal Privoznik
f9cd29a2e4 qemu_tpm: Move logfile path generation into a separate function
Strictly not needed, but the rest of paths is generated in
separate functions. Helps with code readability.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2021-03-02 09:44:03 +01:00
Kristina Hanicova
78879650e4 Remove redundant variables/labels
In files: src/lxc/lxc_native: in lxcAddNetworkRouteDefinition(),
src/conf/networkcommon_conf: in virNetDevIPRouteCreate() and
virNetDevIPRouteParseXML()

Signed-off-by: Kristina Hanicova <khanicov@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2021-03-01 18:50:22 -05:00
Kristina Hanicova
5fa51adcf2 Use g_autoptr instead of virNetDevIPRouteFree if possible
In files: src/conf/domain_conf: in virDomainNetIPInfoParseXML(),
src/lxc/lxc_native: in lxcAddNetworkRouteDefinition(),
src/vz/vz_sdk: in prlsdkGetRoutes(), src/conf/networkcommon_conf:
in virNetDevIPRouteCreate()

Signed-off-by: Kristina Hanicova <khanicov@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2021-03-01 18:50:22 -05:00
Kristina Hanicova
8c23da73b6 networkcommon_conf: Use g_autofree where possible
Signed-off-by: Kristina Hanicova <khanicov@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2021-03-01 18:50:22 -05:00
Tim Wiederhake
5ac6ab2fde cpumap: Add support for svme-addr-check CPU feature
Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
2021-03-01 20:09:46 +01:00
Tim Wiederhake
5c17a7ba41 cpumap: Add support for ibrs CPU feature
Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
2021-03-01 20:09:46 +01:00
Tim Wiederhake
a208176ca1 cpu_map/sync_qemu_i386.py: Add mapping for svme-addr-check
This was added to qemu in commit 5447089c2b3b084b51670af36fc86ee3979e04be.

Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
2021-03-01 20:09:46 +01:00
Tim Wiederhake
9f156b6e51 cpu_map/sync_qemu_i386.py: Add mapping for ibrs
This was added to qemu in commit 623972ceae091b31331ae4a1dc94fe5cbb891937.

Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
2021-03-01 20:09:46 +01:00
Tim Wiederhake
e52150d2cc cpu_map/sync_qemu_i386.py: Add mapping for amd-ssbd
This was added to qemu in commit 623972ceae091b31331ae4a1dc94fe5cbb891937.

Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
2021-03-01 20:09:46 +01:00
Cole Robinson
e074a89f4d hyperv: Fix 32bit compilation
Example:
../src/hyperv/hyperv_driver.c:3007:54: error: format ‘%lu’ expects argument of type ‘long unsigned int’, but argument 7 has type ‘size_t’ {aka ‘unsigned int’} [-Werror=format=]
 3007 |             virReportError(VIR_ERR_INTERNAL_ERROR, _("Could not attach serial port %lu"), i);

Signed-off-by: Cole Robinson <crobinso@redhat.com>
2021-03-01 13:46:20 -05:00
Daniel Henrique Barboza
8c9a600457 virhostdev.c: remove missing PCI devs from hostdev manager
virHostdevReAttachPCIDevices() is called when we want to re-attach
a list of hostdevs back to the host, either on the shutdown path or
via a 'virsh detach-device' call.  This function always count on the
existence of the device in the host to work, but this can lead to
problems. For example, a SR-IOV device can be removed via an admin
"echo 0 > /sys/bus/pci/devices/<addr>/sriov_numvfs", making the kernel
fire up and eventfd_signal() to the process, asking for the process to
release the device. The result might vary depending on the device driver
and OS/arch, but two possible outcomes are:

1) the hypervisor driver will detach the device from the VM, issuing a
delete event to Libvirt. This can be observed in QEMU;

2) the 'echo 0 > ...' will hang waiting for the device to be unplugged.
This means that the VM process failed/refused to release the hostdev back
to the host, and the hostdev will be detached during VM shutdown.

Today we don't behave well for both cases. We'll fail to remove the PCI device
reference from mgr->activePCIHostdevs and mgr->inactivePCIHostdevs because
we rely on the existence of the PCI device conf file in the sysfs. Attempting
to re-utilize the same device (assuming it is now present back in the host)
can result in an error like this:

$ ./run tools/virsh start vm1-sriov --console
error: Failed to start domain vm1-sriov
error: Requested operation is not valid: PCI device 0000:01:00.2 is in use by driver QEMU, domain vm1-sriov

For (1), a VM destroy/start cycle is needed to re-use the VF in the guest.
For (2), the effect is more nefarious, requiring a Libvirtd daemon restart
to use the VF again in any guest.

We can make it a bit better by checking, during virHostdevReAttachPCIDevices(),
if there is any missing PCI device that will be left behind in activePCIHostdevs
and inactivePCIHostdevs lists. Remove any missing device found from both lists,
unconditionally, matching the current state of the host. This change affects
the code path in (1) (processDeviceDeletedEvent into qemuDomainRemoveDevice, all
the way back to qemuHostdevReAttachPCIDevices) and also in (b) (qemuProcessStop
into qemuHostdevReAttachDomainDevices).

NB: Although this patch enables the possibility of 'outside Libvirt' SR-IOV
hotunplug of PCI devices, if the hypervisor and the PCI driver copes with it,
our goal is to mitigate what it is still considered a user oopsie. For all
supported purposes, the admin must remove the SR-IOV VFs from all running domains
before removing the VFs from the host.

Resolves:  https://gitlab.com/libvirt/libvirt/-/issues/72
Reviewed-by: Laine Stump <laine@redhat.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2021-03-01 12:25:33 -03:00
Daniel Henrique Barboza
ac81176614 virpci.c: use virPCIDeviceAddressPtr in virPCIDeviceListDel()
This change will allow us to remove PCI devices from a list
without the need of a PCI Device object, which will be need
in the next patch.

Reviewed-by: Laine Stump <laine@redhat.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2021-03-01 12:25:33 -03:00
Daniel Henrique Barboza
de80a10738 virpci.c: use virPCIDeviceAddressPtr in virPCIDeviceListSteal()
Reviewed-by: Laine Stump <laine@redhat.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2021-03-01 12:25:33 -03:00
Daniel Henrique Barboza
f1370f9ca6 virpci.c: use virPCIDeviceAddressPtr in virPCIDeviceListFind()
Reviewed-by: Laine Stump <laine@redhat.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2021-03-01 12:25:33 -03:00
Daniel Henrique Barboza
d7d1479fc0 virpci.c: use virPCIDeviceAddressPtr in virPCIDeviceListFindIndex()
We're going to need a way to remove a PCI Device from a list without having
a valid virPCIDevicePtr, because the device is missing from the host. This
means that virPCIDevicesListDel() must operate with a PCI Device address
instead.

Turns out that virPCIDevicesListDel() and its related functions only use
the virPCIDeviceAddressPtr of the virPCIDevicePtr, so this change is
simple to do and will not cause hassle in all other callers. Let's
start adapting virPCIDeviceListFindIndex() and crawl our way up to
virPCIDevicesListDel().

Reviewed-by: Laine Stump <laine@redhat.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2021-03-01 12:25:33 -03:00
Daniel Henrique Barboza
67357e5094 qemu_cgroup.c: skip absent PCI devices in qemuTeardownHostdevCgroup()
There is no need to bother with cgroup tearing down for absent
PCI devices, given that their entries in the sysfs are already
gone.

Reviewed-by: Laine Stump <laine@redhat.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2021-03-01 12:25:33 -03:00
Daniel Henrique Barboza
a8017c6882 virhostdev.c: add virHostdevIsPCIDevice() helper
Add a helper to quickly determine if a hostdev is a PCI device,
instead of doing a tedious 'if' check with hostdev mode and
subsys type.

Reviewed-by: Laine Stump <laine@redhat.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2021-03-01 12:25:33 -03:00
Daniel Henrique Barboza
fae5e343fb dac, selinux: skip setting/restoring label for absent PCI devices
If the underlying PCI device of a hostdev does not exist in the
host (e.g. a SR-IOV VF that was removed while the domain was
running), skip security label handling for it.

This will avoid errors that happens during qemuProcessStop() time,
where a VF that was being used by the domain is not present anymore.
The restore label functions of both DAC and SELinux drivers will
trigger errors in virPCIDeviceNew().

Reviewed-by: Laine Stump <laine@redhat.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2021-03-01 12:25:33 -03:00